* [PATCH] OpenVPN: Add to update and exclude @ 2020-04-17 16:34 Erik Kapfer 2020-04-17 17:41 ` Michael Tremer 2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer 0 siblings, 2 replies; 7+ messages in thread From: Erik Kapfer @ 2020-04-17 16:34 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 1520 bytes --] Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again. Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- config/rootfiles/core/144/exclude | 1 + config/rootfiles/core/144/update.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude index b22159878..ba1b646e6 100644 --- a/config/rootfiles/core/144/exclude +++ b/config/rootfiles/core/144/exclude @@ -24,5 +24,6 @@ var/lib/alternatives var/log/cache var/log/dhcpcd.log var/log/messages +var/ipfire/ovpn var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..81a6c626e 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -47,6 +47,15 @@ done # Remove files # Stop services +# Stop OpenVPN server if it runs +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -k +fi + +# Stop OpenVPN N2N if it runs +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -kn2n +fi # Extract files extract_files @@ -55,6 +64,9 @@ extract_files ldconfig # Start services +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n # Update Language cache /usr/local/bin/update-lang-cache -- 2.20.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenVPN: Add to update and exclude 2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer @ 2020-04-17 17:41 ` Michael Tremer 2020-04-17 18:59 ` ummeegge 2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer 1 sibling, 1 reply; 7+ messages in thread From: Michael Tremer @ 2020-04-17 17:41 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2388 bytes --] Hi, This patch is for Core Update 144, but I am not sure if we can ship it with this. The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible. I am not sure what the risk is with this patch delaying that release, so I will let Arne decide. See below for more... > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge(a)ipfire.org> wrote: > > Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again. Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running. We definitely need to restart OpenVPN to take advantage of the new version. > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > --- > config/rootfiles/core/144/exclude | 1 + > config/rootfiles/core/144/update.sh | 12 ++++++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude > index b22159878..ba1b646e6 100644 > --- a/config/rootfiles/core/144/exclude > +++ b/config/rootfiles/core/144/exclude > @@ -24,5 +24,6 @@ var/lib/alternatives > var/log/cache > var/log/dhcpcd.log > var/log/messages > +var/ipfire/ovpn > var/state/dhcp/dhcpd.leases > var/updatecache > diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh > index 6a9c51931..81a6c626e 100644 > --- a/config/rootfiles/core/144/update.sh > +++ b/config/rootfiles/core/144/update.sh > @@ -47,6 +47,15 @@ done > # Remove files > > # Stop services > +# Stop OpenVPN server if it runs > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then > + /usr/local/bin/openvpnctrl -k > +fi > + > +# Stop OpenVPN N2N if it runs > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then > + /usr/local/bin/openvpnctrl -kn2n > +fi Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all. > # Extract files > extract_files > @@ -55,6 +64,9 @@ extract_files > ldconfig > > # Start services > +# Start OpenVPN again > +/usr/local/bin/openvpnctrl -s > +/usr/local/bin/openvpnctrl -sn2n > > # Update Language cache > /usr/local/bin/update-lang-cache > — > 2.20.1 > Best, -Michael ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenVPN: Add to update and exclude 2020-04-17 17:41 ` Michael Tremer @ 2020-04-17 18:59 ` ummeegge 0 siblings, 0 replies; 7+ messages in thread From: ummeegge @ 2020-04-17 18:59 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2795 bytes --] Hi Michael, Am Freitag, den 17.04.2020, 18:41 +0100 schrieb Michael Tremer: > Hi, > > This patch is for Core Update 144, but I am not sure if we can ship > it with this. > > The update will contain the OpenSSL update that is announced for > Tuesday and I would like to be able to release it as soon as > possible. OK, may also a good date for this ? > > I am not sure what the risk is with this patch delaying that release, > so I will let Arne decide. Alright. > > See below for more... > > > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge(a)ipfire.org> wrote: > > > > Since some OpenVPN updates did not apply, the service will be > > stopped before the update to prevent 'Text file busy' and start up > > again. > > Normally this should to be a problem. Tar is normally able to replace > any binary, even if it is just running. > > We definitely need to restart OpenVPN to take advantage of the new > version. Thought we should give it a try in that way. > > > > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > > --- > > config/rootfiles/core/144/exclude | 1 + > > config/rootfiles/core/144/update.sh | 12 ++++++++++++ > > 2 files changed, 13 insertions(+) > > > > diff --git a/config/rootfiles/core/144/exclude > > b/config/rootfiles/core/144/exclude > > index b22159878..ba1b646e6 100644 > > --- a/config/rootfiles/core/144/exclude > > +++ b/config/rootfiles/core/144/exclude > > @@ -24,5 +24,6 @@ var/lib/alternatives > > var/log/cache > > var/log/dhcpcd.log > > var/log/messages > > +var/ipfire/ovpn > > var/state/dhcp/dhcpd.leases > > var/updatecache > > diff --git a/config/rootfiles/core/144/update.sh > > b/config/rootfiles/core/144/update.sh > > index 6a9c51931..81a6c626e 100644 > > --- a/config/rootfiles/core/144/update.sh > > +++ b/config/rootfiles/core/144/update.sh > > @@ -47,6 +47,15 @@ done > > # Remove files > > > > # Stop services > > +# Stop OpenVPN server if it runs > > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then > > + /usr/local/bin/openvpnctrl -k > > +fi > > + > > +# Stop OpenVPN N2N if it runs > > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then > > + /usr/local/bin/openvpnctrl -kn2n > > +fi > > Interesting way to stop it. Can we not call openvpnctrl regardless, > because it won’t matter if the daemon wasn’t running at all. May you are right haven´t checked it deeper. Should we do it now or in the next update ? It should nothing break in my opinion. > > > # Extract files > > extract_files > > @@ -55,6 +64,9 @@ extract_files > > ldconfig > > > > # Start services > > +# Start OpenVPN again > > +/usr/local/bin/openvpnctrl -s > > +/usr/local/bin/openvpnctrl -sn2n > > > > # Update Language cache > > /usr/local/bin/update-lang-cache > > — > > 2.20.1 > > > > Best, > -Michael > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer 2020-04-17 17:41 ` Michael Tremer @ 2020-05-07 10:46 ` Erik Kapfer 2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer 2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge 1 sibling, 2 replies; 7+ messages in thread From: Erik Kapfer @ 2020-05-07 10:46 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 1514 bytes --] Beneath several smaller fixes, this version fixes also some OpenSSL problems but also CVE-2020-11810. The full changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 . Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- lfs/openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/openvpn b/lfs/openvpn index 0ee437e78..779bf5520 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.4.8 +VER = 2.4.9 THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8 install : $(TARGET) -- 2.12.2 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update 2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer @ 2020-05-07 10:46 ` Erik Kapfer 2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge 1 sibling, 0 replies; 7+ messages in thread From: Erik Kapfer @ 2020-05-07 10:46 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 814 bytes --] Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- config/rootfiles/core/145/update.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/rootfiles/core/145/update.sh b/config/rootfiles/core/145/update.sh index 2571fa3b3..4b9468a49 100644 --- a/config/rootfiles/core/145/update.sh +++ b/config/rootfiles/core/145/update.sh @@ -48,6 +48,10 @@ done # Stop services /etc/init.d/vnstat stop +# Prepare OpenVPN for update +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n + # Extract files extract_files @@ -57,6 +61,10 @@ ldconfig # Start services /etc/init.d/vnstat start +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n + # Update Language cache /usr/local/bin/update-lang-cache -- 2.12.2 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer 2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer @ 2020-05-14 12:40 ` ummeegge 2020-05-14 14:38 ` Michael Tremer 1 sibling, 1 reply; 7+ messages in thread From: ummeegge @ 2020-05-14 12:40 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 1904 bytes --] Hi all, just as a reminder, should we release this update too ? This might be great cause there are a not so nice crypto bug in the current actual version --> https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has been fixed in the actual one. Best, Erik Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer: > Beneath several smaller fixes, this version fixes also some OpenSSL > problems but also CVE-2020-11810. > The full changelog can be found in here > https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 . > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > --- > lfs/openvpn | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/openvpn b/lfs/openvpn > index 0ee437e78..779bf5520 100644 > --- a/lfs/openvpn > +++ b/lfs/openvpn > @@ -1,7 +1,7 @@ > #################################################################### > ########### > # > # > # IPFire.org - A linux based > firewall # > -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> > # > +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> > # > # > # > # This program is free software: you can redistribute it and/or > modify # > # it under the terms of the GNU General Public License as published > by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 2.4.8 > +VER = 2.4.9 > > THISAPP = openvpn-$(VER) > DL_FILE = $(THISAPP).tar.xz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 > +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8 > > install : $(TARGET) > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge @ 2020-05-14 14:38 ` Michael Tremer 0 siblings, 0 replies; 7+ messages in thread From: Michael Tremer @ 2020-05-14 14:38 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 2369 bytes --] How many people have tested this release? OpenVPN updates usually come with plenty of regressions, so I would like to make sure that we are not finding those too late and have to halt the release again. > On 14 May 2020, at 13:40, ummeegge <ummeegge(a)ipfire.org> wrote: > > Hi all, > just as a reminder, should we release this update too ? This might be > great cause there are a not so nice crypto bug in the current actual > version --> > https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has > been fixed in the actual one. *current or latest is the word you are looking for -Michael > > Best, > > Erik > > Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer: >> Beneath several smaller fixes, this version fixes also some OpenSSL >> problems but also CVE-2020-11810. >> The full changelog can be found in here >> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 . >> >> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> >> --- >> lfs/openvpn | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/lfs/openvpn b/lfs/openvpn >> index 0ee437e78..779bf5520 100644 >> --- a/lfs/openvpn >> +++ b/lfs/openvpn >> @@ -1,7 +1,7 @@ >> #################################################################### >> ########### >> # >> # >> # IPFire.org - A linux based >> firewall # >> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> >> # >> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> >> # >> # >> # >> # This program is free software: you can redistribute it and/or >> modify # >> # it under the terms of the GNU General Public License as published >> by # >> @@ -24,7 +24,7 @@ >> >> include Config >> >> -VER = 2.4.8 >> +VER = 2.4.9 >> >> THISAPP = openvpn-$(VER) >> DL_FILE = $(THISAPP).tar.xz >> @@ -40,7 +40,7 @@ objects = $(DL_FILE) >> >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> >> -$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 >> +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8 >> >> install : $(TARGET) >> > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-05-14 14:38 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer 2020-04-17 17:41 ` Michael Tremer 2020-04-17 18:59 ` ummeegge 2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer 2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer 2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge 2020-05-14 14:38 ` Michael Tremer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox